
CreateToolhelp32Snapshot无法获得system.exe的模块信息
求助!尝试使用toolhelp来获取system的进程信息,能够得到线程信息,但是无法得到模块信息。

先是提示错误,编号5,是权限的问题;然后提权,依然提示错误,编号8,说是堆空间不足的问题。

代码:
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>

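BOOL EnableDebugPrivilege(BOOL fEnable)
{
    // Enable (or disable) SeDebugPrivilege on the current process token so
    // that Toolhelp/OpenProcess can inspect processes owned by other
    // accounts (services, SYSTEM).
    //
    // fEnable: TRUE to enable the privilege, FALSE to disable it.
    // Returns TRUE only when the adjustment was applied in full.  Returns
    // FALSE when the token cannot be opened, the privilege name cannot be
    // looked up, AdjustTokenPrivileges fails, or the token simply does not
    // hold the privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED), which is
    // what a non-administrator or a non-elevated UAC process sees.
    BOOL fOk = FALSE;
    HANDLE hToken = NULL;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return FALSE;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;

    // The original ignored this result: on failure the LUID is left
    // uninitialised and AdjustTokenPrivileges would act on an arbitrary
    // privilege instead of SeDebugPrivilege.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
    {
        // AdjustTokenPrivileges can return non-zero without having adjusted
        // anything; the documented verdict is GetLastError(), which is
        // ERROR_SUCCESS only when every requested privilege was applied.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
        {
            fOk = (GetLastError() == ERROR_SUCCESS);
        }
    }

    CloseHandle(hToken);
    return fOk;
}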

//  Forward declarations:
//  ListProcessModules / ListProcessThreads are defined below.  printError is
//  declared here but its definition is not part of this listing; the call
//  sites suggest it prints `msg` together with the GetLastError() code —
//  verify against its definition before relying on that.
BOOL ListProcessModules( DWORD dwPID );
BOOL ListProcessThreads( DWORD dwOwnerPID );
void printError( TCHAR* msg );

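int main( void )
{
    // Enumerate the threads and user-mode modules of PID 4 (the System
    // process) as a Toolhelp demonstration.  Inspecting another account's
    // process needs SeDebugPrivilege, which only an elevated administrator
    // token can enable, so the result of enabling it is checked and
    // reported instead of being thrown away as in the original.
    //
    // Returns 0 when both enumerations succeeded, 1 otherwise.
    int rc = 0;
    const DWORD dwTargetPid = 4;

    if( !EnableDebugPrivilege(TRUE) )
    {
        // Not fatal: carry on so each call's own failure is still printed,
        // but say why an access-denied result is to be expected.
        _tprintf( TEXT("Warning: SeDebugPrivilege could not be enabled (run elevated)\n") );
    }
    if( !ListProcessThreads( dwTargetPid ) )
        rc = 1;
    if( !ListProcessModules( dwTargetPid ) )
        rc = 1;
    EnableDebugPrivilege(FALSE);

    // Replaces system("pause"): system() launches a command interpreter
    // through the environment just to wait for a key, which a plain
    // getchar() does without spawning anything.
    _tprintf( TEXT("Press Enter to exit...") );
    getchar();
    return rc;
}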


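BOOL ListProcessModules( DWORD dwPID )
{
    // Print every user-mode module (base address and path) loaded in process
    // dwPID, using a Toolhelp module snapshot.
    //
    // Returns TRUE when the module list was walked, FALSE when the snapshot
    // could not be taken or yielded no first entry; the cause is reported
    // through printError.  SeDebugPrivilege is enabled here for standalone
    // callers, but it is deliberately NOT disabled on return any more: the
    // original disabled it on the success path only, which stripped the
    // privilege from a caller (main) that had enabled it itself and still
    // owns the decision to drop it.
    //
    // NOTE(review): PID 4 (System) is a kernel-mode process with no
    // user-mode loader list, so a module snapshot of it is expected to fail
    // even with the privilege held — confirm against the target OS.
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
    MODULEENTRY32 me32;
    int attempt;

    EnableDebugPrivilege(TRUE);

    // Documented Toolhelp behaviour: TH32CS_SNAPMODULE can fail with
    // ERROR_BAD_LENGTH while the target's module list is changing and
    // should be retried.  Bound the retries so a persistent failure cannot
    // spin forever.
    for( attempt = 0; attempt < 5; attempt++ )
    {
        hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID );
        if( hModuleSnap != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH )
            break;
    }
    if( hModuleSnap == INVALID_HANDLE_VALUE )
    {
        printError( TEXT("CreateToolhelp32Snapshot (of modules)") );
        return( FALSE );
    }

    // dwSize must be set before the first call or Module32First fails.
    me32.dwSize = sizeof( MODULEENTRY32 );

    if( !Module32First( hModuleSnap, &me32 ) )
    {
        printError( TEXT("Module32First") );  // show cause of failure
        CloseHandle( hModuleSnap );           // clean the snapshot object
        return( FALSE );
    }

    // Walk the module list.  Two fixes against the original loop: i was
    // never incremented, so every line was labelled as module 1; and the
    // base address was cast to DWORD, which truncates a 64-bit pointer —
    // %p prints the full pointer on either architecture.
    int i = 1;
    do
    {
        _tprintf( TEXT("模块%d Base address:0x%p"), i, (void*) me32.modBaseAddr );
        _tprintf( TEXT(" Path:%s\n"),     me32.szExePath );
        i++;
    } while( Module32Next( hModuleSnap, &me32 ) );

    CloseHandle( hModuleSnap );
    return( TRUE );
}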

BOOL ListProcessThreads( DWORD dwOwnerPID )
{
    HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
    THREADENTRY32 te32;

    // Take a snapshot of all running threads
    hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 );
    if( hThreadSnap == INVALID_HANDLE_VALUE )
        return( FALSE );

    // Fill in the size of the structure before using it.
    te32.dwSize = sizeof(THREADENTRY32);

    // Retrieve information about the first thread,
    // and exit if unsuccessful
    if( !Thread32First( hThreadSnap, &te32 ) )
    {
        printError( TEXT("Thread32First") ); // show cause of failure
        CloseHandle( hThreadSnap );          // clean the snapshot object
        return( FALSE );
    }

    // Now walk the thread list of the system,
    // and display information about each thread
    // associated with the specified process
    int i=1;
    do
    {
        if( te32.th32OwnerProcessID == dwOwnerPID )
        {
            _tpr